Google Agent Development Kit Code Injection and Missing Authentication Vulnerability
Vulnerability
A code injection vulnerability combined with missing authentication has been identified in the Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2). This vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. The issue is present in Python (OSS), Cloud Run, and GKE environments.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server where ADK is running.
Reproduction
To reproduce this vulnerability, deploy an affected version of Google ADK on a server using Cloud Run or GKE. Once the application is running, an unauthenticated remote attacker can send a request that exploits the code injection vulnerability, leading to arbitrary code execution on the server.
Remediation
Users should upgrade to Google ADK version 1.28.1 or 2.0.0a2. Upgrading the package alone is not enough: the ADK must then be redeployed to production environments (Cloud Run or GKE) so that the running instance is the patched one. If ADK Web is being run locally, the local instance must also be upgraded.
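To support the remediation step above, the following Python script checks whether an installed ADK version falls inside the affected range named in this advisory. It is an added example, not code from the advisory or from the ADK project. It assumes the PyPI distribution is named google-adk, and it treats the remediation versions named above (1.28.1 and 2.0.0a2) as the first fixed versions of their respective lines, so that alpha pre-releases such as 2.0.0a1 sort before the final 2.0.0 release.

```python
"""Check an installed google-adk version against this advisory's affected range.

Added example (not part of the advisory). Assumptions: the PyPI distribution is
named "google-adk", and the remediation versions 1.28.1 / 2.0.0a2 are the first
fixed versions of the 1.x and 2.x lines respectively.
"""
import re
from importlib import metadata

# Start of the affected range per major-version line, as stated in the advisory.
AFFECTED_FROM = {1: "1.7.0", 2: "2.0.0a1"}
# Remediation versions per major-version line, as stated in the advisory.
FIXED = {1: "1.28.1", 2: "2.0.0a2"}

# Accepts "X.Y.Z" and "X.Y.ZaN" (alpha pre-release); that is all this check needs.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:a(\d+))?$")


def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.ZaN' into a tuple that sorts correctly.

    Returns (major, minor, patch, is_final, alpha_number). An alpha pre-release
    has is_final == 0, so 2.0.0a1 < 2.0.0a2 < 2.0.0 under plain tuple ordering.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unsupported version string: {text!r}")
    major, minor, patch, alpha = match.groups()
    if alpha is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(alpha))


def is_affected(installed):
    """True if `installed` lies in [AFFECTED_FROM, FIXED) for its major line."""
    version = parse_version(installed)
    major = version[0]
    if major not in FIXED:
        # Major lines the advisory does not mention are treated as out of scope.
        return False
    return parse_version(AFFECTED_FROM[major]) <= version < parse_version(FIXED[major])


def installed_adk_version(distribution="google-adk"):
    """Return the installed google-adk version, or None if it is not installed."""
    try:
        return metadata.version(distribution)
    except metadata.PackageNotFoundError:
        return None


def report(installed=None):
    """Build a one-line status for the given (or detected) version."""
    version = installed or installed_adk_version()
    if version is None:
        return "google-adk is not installed in this environment"
    state = "AFFECTED - upgrade and redeploy" if is_affected(version) else "not in affected range"
    return f"google-adk {version}: {state}"


if __name__ == "__main__":
    print(report())
```

Run it inside the virtual environment that serves ADK; a passing result on the build host says nothing about an already deployed Cloud Run or GKE revision, which must be redeployed from the upgraded package.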